How to Conduct a Small Business Security Audit

How to Conduct a Small Business Security Audit

  • business security auditIs your small business secure? Are you sure? Businesses experience ten times more burglaries than households, yet many company owners consider their business more secure than their home. Businesses are also likely to be repeatedly re-victimized, with 17% of burgled businesses representing 69% of incidents.

    It’s easy to miss security flaws that leave a company exposed. Focusing on the day-in, day-out needs of the operation can push security by the wayside. Here’s an outline of a basic small business security audit that will highlight issues to address. You may find that it reveals some surprising things that need your immediate attention.

    Take a Tour

    To set the stage for a thorough security assessment, you first have to step back and look at your business objectively. Physically tour your property as if you’re a visitor, auditor or even a criminal. If it helps, take along a trusted friend so you can see what an outsider would see.

    As you walk around, think about vulnerabilities. What valuable things stand out? What’s shiny and new? What’s old or broken?

    Make a list of physical components like:

    • The size of the land and adjacent roads
    • How many stories and rooms the building has
    • Whether there are shared walls and/or adjacent businesses
    • The locations of outer stairwells and ladders to the rooftop
    • How many windows and doors there are
    • The locations of storage and outbuildings
    • Where vehicles are parked and the condition of parking lots
    • Where money, safes, and inventory are located
    • Where alarms are located and their central point of access
    • Security features that may or not be in good working order

    Also, take a closer look at your technology-related property, including:

    • Company phones, mobile phones, laptops, and tablets
    • Computerized systems
    • Cash registers
    • Servers and memory storage
    • Surveillance equipment, cameras, and speakers

    Assess Your Access

    Your physical assessment will lead you to think about access at all levels. Thieves don’t just climb in a window – they also creep into your data through cyber attacks. Customers, vendors, suppliers, and delivery drivers can compromise security through day-to-day access to your property. Employees may be tempted to sneak into private zones and information – in fact, one-third of business bankruptcies are the result of employee theft. Is your access too lax?

    Think about these point of access:

    • Your website
    • Credit card processing
    • Inventory delivery and management
    • Company computers and mobile phones
    • Software installation and maintenance
    • Any equipment that is part of a network
    • Who has access to your Wi-Fi, if you have it
    • Building maintenance and security personnel
    • Docks and delivery points
    • Confidential information, like client records
    • Intellectual property, copyrights, trademarks

    Examine weak points where criminals could slip in unnoticed. How are your employees’ computers and laptops secured during non-work hours? Who has keys to the room where your servers are kept? Do ex-employees still have access to the building, your website, or other cloud-based systems?

    Audit Your Alarm System

    Assuming that you have an alarm system of some kind on your building, as part of your security audit you should take a look at the system and make sure it’s up to the task (if you don’t have an alarm system, then getting one should probably be one of your top priorities).

    Here are some questions that you ask yourself about your alarm system:

    • Is the alarm monitored by a reputable alarm monitoring company?  Un-monitored alarms that don’t alert the police when they are triggered won’t do you much good, and neither will a sub-par alarm monitoring company.  You should be using a monitoring company that has the Five Diamond Certification from the The Monitoring Association, a premier industry trade group (Dynamark Monitoring has this certification).
    • Is the alarm monitored wirelessly through the cellular system?  Alarms monitored through a landline can be disabled by cutting the phone line, a fact that burglars are well aware of.  The industry has been moving away from this method of alarm monitoring for years, and if you are still using it you should strongly consider changing to wireless alarm monitoring.
    • Are there contacts on all possible points of entry including all doors and windows?
    • Was the system installed by a security professional?
    • Is there a procedure for testing the alarm on a regular basis?  Who is responsible for testing it, and is that test actually being done?
    • Are employees who have a need to use the alarm trained on how to arm and disarm it?

    Determine Attitudes and Habits

    When you’ve taken the time to look at your assets and access points, it might become clear that your company has certain areas that seem riskier than others. Perhaps your outbuildings are secured tightly with locks and alarms, but lots of people have access to your office’s computer server room.

    At this point, it’s important to evaluate the prevailing security attitudes and habits in your company. Here are some questions to ask:

    • What is the overall attitude toward security here?
    • Who is responsible for our security program?
    • Do we enforce security policies? How?
    • How recently have we developed/updated our emergency plan (fire, tornado, power)?
    • What are the local police, fire, and ambulance response times to our location?
    • Do we have monitoring equipment like CCTV cameras and intruder detection?
    • Who is trained on using our security systems?
    • Who is allowed into our buildings? And how do we identify intruders?
    • Do we have restrooms, vending machines, or other areas for public use?
    • How do we handle deliveries and packages?
    • Do our employees know how to report security threats?

    Identify and Prioritize Weaknesses

    All of the previous steps come together to allow you to build a picture of your security weaknesses. List them and begin to prioritize. Maybe the risk of a flood is fairly low, but you’ve had repeated instances of vehicle vandalism. This means it’s less urgent to work on your disaster plan than it is to get a CCTV security system for your parking lot.

    As you identify weaknesses, look for effective ways to address them. Consider adding some of these security solutions:

    • Lighting, including motion detectors and powerful flood lights.
    • Physical barriers like bollards, tire strips, gates, and fences.
    • Warning signs.
    • Guard staff and routine checkpoints.
    • Key cards and other forms of electronic locking/tracking.
    • Video doorbells.
    • Alarms of all types – fire, intrusion, tamper, motion.
    • Restricted and monitored access points – windows, doors, docks, lockers, safes.
    • Cameras and wired or wireless security systems – keep in mind that businesses have been slower to adopt wireless systems than homeowners, meaning wired business alarms can often be disabled by burglars.

    Finally, after your audit is complete, it’s essential to build a new company culture of security. The best security equipment in the world is useless if your employees aren’t using it correctly.

    Develop a company-wide plan that lays out specific security procedures. Hold people accountable for security breaches. Train new employees on the rules, and continue to educate everyone about the plan on an ongoing basis.

    Small BUsiness Security Audit Infographic

    Ready to do a small business security audit? Partner with a reputable provider like Dynamark Security to make sure your new plan is secure on all fronts.